10 November 2007

SIM Cards

Click for larger image

A large number of appliances have something called a "SIM card," which stands for "subscriber identity module." On GSM-format cell phones, SIM cards can be removed (see image at right). The card fits behind the battery and stores data peculiar to that particular user. All SIM cards must store the international mobile subscriber identity (IMSI) key in an embedded microchip. The embossed gold panel is not the chip, but contacts for interface with the chip.

In addition to the IMSI key, SIM cards store one's personal phone book, text messages, and other data input during one's use of the phone. GSM-based phones permit a user to swap SIM cards with another GSM phone and use that phone the same way (if, say, the battery in the first phone runs out). A SIM card can also be inserted in a laptop (perhaps via a PC card), allowing you to switch your PCS account to your remote computer.

However, the most compelling advantage of SIM cards is the ability to manage the contents of your cell phone using the much more convenient interface of a desktop or laptop:

The SIM card is an example of a contact smart card, or card with an embedded microchip and an embossed metallic panel for contact with a reader. Contact smart cards are widely used in Europe for payment and medical care payments; businesses and governments in the USA do not deploy them so much, mainly because they use contactless (RFID-based) identity cards.

The Wikipedia entry on smart cards does not really explain very well why EMV cards are popular in Europe and RFID cards are used in the USA. Part of the reason was that, in the EU, there are large areas where landline technology was leapfrogged by cellular technology. In some areas of Europe, I am advised, landlines were comparatively poor so there was exceptionally strong demand for cell phones. Unfortunately for the USA, this meant that cell phone technology lagged far behind Europe and broadband connectivity is mostly through DSL or cable (and sometimes WiFi or Bluetooth).

Click for larger image Veriphone Tranz 380 X2

In the USA, particularly in the early 1990's when smart cards became widespread, payment cards were used almost entirely in one country (with one fraud prevention system); cards were read through internet-based card readers like the one shown. Needless to say, all the credit card reader needs to do is read a little ferro-magnetic strip which contains a user key; the network does the rest. But at the time, such networks were not always available in parts of the EU, so banks would embed account information (including balances) directly into the card. A card reader did not have to have a working internet connection.1 Anti-fraud measures like PIN entry could be built directly onto the card, and they were more robust. Even when POS devices were connected to the internet, smart cards offered the advantage that their own encryption systems made them secure for transactions throughout Europe.

Likewise, the French national health care system (adopted in the early 1980's) implemented smart cards to identify patients and store medical records. In addition to the ability of a patient to store significant medical information, the smart card is intended to prevent ID theft.2